The privacy maps being created today are primarily designed to avoid lawsuits.

Futurists like me love maps. Not necessarily physical maps, but the collection of data points that can tell us where we have we been, where we are and where we're going. For many of my colleagues, the enterprise that's in the worst position is the one that has to ask "How did we get here?" That's bad, but I believe that "Where are we?" is even worse.

This is the beef I have with the privacy sphere of our industry. Most organizations don't know where they are in regard to privacy. Maps are not just navigation aids. They are thinking tools. Maps are mirrors that reflect how we think about something. In the case of privacy, the maps being used today shout that organizations have not thought long enough or hard enough about privacy. The privacy maps I have seen do not answer these three essential questions that maps should resolve: "Where have we been?" "Where are we now?" and "Where are we going?" I don't think privacy professionals are giving us the answers we need.

Maps are powerful tools for conveying meaning and guiding action. But bad maps convey false meaning and misguide our actions. Unfortunately, bad maps have a long history in IT. Who can forget the once almost universally held conceit that users were not smart enough to buy their own computers? Or the pantheon of now thankfully retired CIOs at name-brand enterprises who declared that PCs were toys? (I invite readers to email me their thoughts on bad IT maps.)

In an economy driven by information and its use, doesn't it make sense to have a map depicting what we know about the customers, what the customers know we know about them, what we would like to know about the customers and what the customers would like us to know -- or would let us know -- about them? That map would be a good place to start.